Category Archives: Software

In the last fifty years, with ever increasing speed, computers have changed the way we do business, listen to music, watch television, interact with each other socially, and the way we look at the world in general. At the core of this technology is code or software that tells ever more complex machines to do ever more complex things. The reason this complexity continues to increase is that none of this code is created in a vacuum.

In some cases, the code is so rudimentary that it is not protectable by copyright or patent.[1] However, just as a word or phrase is not subject to copyright, but a book or even an article in a magazine is, so too is more advanced software protected by intellectual property rights. But just as books are made of smaller chunks (i.e. words and sentences that individually may not be protected), code is often based on the code that came before it. The major difference is that code is (far more so than a book) comprised of mathematic formulas. It is more analogous to compare code to contracts, in which the language has a functional purpose.

As programs exponentially grew in complexity over the years, it was not feasible to recreate every aspect of code from binary or basic. “Reinventing the wheel,” as it were, was just as unrealistic and impractical in the programming sense as it is in the legal sense.[2] Thus, programmers sought ways to legitimately use libraries of code created by themselves and others and to share those libraries. In some cases, this was done within a single company, but as start-up software companies rose and fell, libraries that would survive the dangerous life cycle of the turbulent dotcom/dotbomb era were required. Software developers and designers also saw the advantages of efficient bug detection via software libraries, adhering to the mantra that “given enough eyeballs, all bugs are shallow.”[3]

Enter the open source movement: Software for everyone! However, authors of code generally do not want to give away all of their copyright to their works; they merely want to give others access to their works, and they use licenses to do so. The term “open source software” is generally used for any source code made available via license to study, change, and distribute the software at no cost to anyone and for any purpose.[4]

There are many licenses that fall within that definition. Not all of these licenses are created equally however. The largest variance between them is the degree to which they practice “copyleft” as opposed to “permissive” principles. “Copyleft” is a term used to describe the requirement that “if changes are made to a program’s code, and the changed program is distributed outside an organization, the source code containing the changes must likewise be distributed.” Permissive licenses do not require the modified source code to be distributed or contributed back to the open-source community. Below is a discussion of some of the more common open source licenses, and how the code and the content contained in certain programs are treated differently.

OPEN SOURCE LICENSES

The most common open source licenses that this article will be examining are GPL, LGPL, BSD, Apache, and MIT. GPL is the most “copyleft,” followed by LGPL, but the others are far more permissive. Until recently, GPL was the most widely used open-source license. However, that is changing and now the open-source community has shifted largely to permissive licenses. The most popular community open source projects in recent years have used permissive licenses. Whether “copyleft” or permissive, open-source licensing does require proper attribution (showing where the code came from). How that attribution must occur depends on the license.

GNU General Public License (“GPL”)/AGPLGPL is a “viral” license in that any source code that interacts with code distributed under a GPL license must similarly be distributed under a GPL license. A developer can copy, modify, distribute, and even sell the code. However, as they are required to offer the code for free and clearly display the GPL license permitting others to use the code for free, it is unlikely that a developer under a GPL license would ever receive an asking price for the code itself.[5] One way around this is to distribute the GPL licensed software as a service. Affero GPL or AGPL is a variation of GPL designed to shore up this loophole, making it even more “copyleft” than GPL licenses.

GNU Lesser General Public License (“LGPL”)LGPL is usually used for software libraries. The software that uses the libraries does not need to be redistributed under the GPL or LGPL licenses, however, any changes to the software of the libraries themselves must be released under and LGPL license. This license is a key shift from the strict “copyleft” licenses AGPL and GPL to something that developers can use on commercial projects without being forced to distribute the source code of those projects under GPL licenses.

BSD Licesnes BSD covers a family of permissive open-source licenses, but two stand out: the New BSD License/Modified BSD License, and the Simplified BSD License/FreeBSD License. Both allow developers to use the source code and distribute it without requiring them to distribute the underlying source code. The main difference between the New BSD License and the Simplified BSD License is where the attribution must occur. Both require attribution in the source code files and the documentation for the program, but the New BSD License restricts the use of contributors’ names for endorsement of the derived work without the contributors’ specific provision, and the Simplified BSD license does not. There is also a four clause BSD license that requires attribution in all marketing materials of the program (including every ad and commercial), but that license is no longer widely used.

Apache LicensesApache licenses are used in such open-source license projects as OpenStack, Hadoop, and Android. They are not as simple as BSD, and cover many terms that simpler licenses do not. For example, Apache licenses clearly identify a term and territory (perpetual and worldwide), identify use of the code as fee and royalty free, notify that the license is non-exclusive, and that the grant is irrevocable. Furthermore, Apache licenses attempt to address certain patent issues that other licenses do not.

MIT LicenseThe MIT license, by contrast, is one of the shortest licenses, and consequently one of the broadest. It is used in such open-source projects as JQuery, Hudson/Jenkins, and nodejs. Essentially, as long as you give proper attribution, you can use MIT licensed code for whatever you want. This makes it a very easy license to use for developers who want to contribute code that can be used on commercial projects.

CREATIVE COMMONS

Open-source licenses are designed to address code, not media. Images, sound, and animation would not be able to properly handle the attributions required under open-source licensing. However, there are many communities that share the same open-source spirit in desiring to share their creative works with others for their use. The Creative Commons (“CC”) thus offers a variety of licenses specifically designed to allow creators to allow their creative works to be used by others. Generally all CC licenses require attribution. Additionally, there are three factors that can be modified, depending on the rights a creator wants to grant or restrict:

Share Alike. A work with a “Share Alike” CC license allows for modification of the work and the creation of derivatives, but those derivative works must be licensed under the same license. This is a viral license that follows the work and its derivatives, akin to the “copyleft” licenses discussed above. However, as CC licenses are modular, Share Alike does not in and of itself prevent commercial use.

Non-Commercial. A work with this restriction cannot be used for commercial purposes. The CC have attempted to define what a non-commercial use is, identifying commercial uses as those that are “primarily intended for or directed toward commercial advantage or private monetary compensation.” There is also a report published by the CC to help clarify what does and what does not count as commercial.

No Derivative Works. This restriction prevents subsequent users from modifying, remixing, tweaking, or otherwise changing the work. If a creator is concerned that their work could be misused, then this restriction makes sense. Share Alike and No Derivative Works are mutually exclusive restrictions, as Share Alike applies exclusively to derivative works.

CC licenses are not designed for software, and generally should not be used for software. However, they do provide plain English and full legal versions of their licenses which allows them to be easily used and understood. This makes them very useful for the collaborative creative projects that have been taking the new media sphere by storm. For those who want to combine creative works and coding, proper use of creative commons licenses separate from the open-source licenses for the underlying code should allow creators to properly protect or distribute their works as they see fit.

[2] The equations that make up a section of code have a specific purpose, just as legal language does. The major difference is that altering the terms of a contract is part of the nature of contract drafting (via varying levels of negotiations between two parties), whereas altering code is not as natural; code is often created by a single programmer or team with a common purpose.

Recently, to the presumed delight of attorneys working in the area of internet privacy, states have become increasingly involved in imposing privacy requirements on companies that collect information from users on the internet. Perhaps as a reaction to the lack of a clear overall privacy scheme at the national level, many states are now taking action to protect the privacy of citizens who are using the internet. Such state efforts come in various forms.

Privacy Policies of Internet Companies

In February 2012, the California Attorney General negotiated a deal with six of the largest companies running mobile apps: Apple, Google, Amazon, Microsoft, RIM and Hewlett-Packard—Facebook became the seventh member of this group in June. The deal requires that the companies put forth a written privacy policy on what information is collected and shared. Because the AG lacks the power to write rules for mobile apps, the AG asserts authority under a 2004 state law that broadly requires that “online services” that collect personal information from consumers have privacy policies. Failure to provide such a written policy may result in prosecutions against app makers that mislead California consumers about what uses are made of the personal information collected. Penalties may be as high as $5,000 per download.

It is readily acknowledged that such efforts by states are not as effective or as efficient as a national privacy policy might be. However, in the absence of such a national policy, states feel compelled to fill the void. On a practical level, the existence of fifty different sets of privacy laws can be confusing and can result in the need for attorneys to sort out the checkerboard of legislative initiatives.

Data Security Legislation

In 2003, California enacted a landmark security breach notification law. Since then, nearly every state has adopted a similar law; today, forty-six states (as well as the District of Columbia, Puerto Rico, and the U.S. Virgin Islands) have security breach notification laws on the books, and in the past several years, many state legislatures have introduced amendments and updates to existing security breach notification laws. Recent efforts in Connecticut and Vermont, and similar amendments made by other states last year, demonstrate a growing trend of enhancements to state data security legislation.

On May 5, 2012, Vermont approved a law that requires that notice of data security breaches be given to the Vermont AG. Specifically, such a notice must include: (1) the date of the breach; (2) the date of discovery of the breach; (3) the number of Vermont consumers affected, if known; and (4) a copy of the notice provided to consumers.

On June 15, 2012, Connecticut replaced its security breach notification law. The new law states that if a business is required to provide notice of a data security breach, the business also must notify the Connecticut AG. While Vermont and Connecticut may be the most recent states to adopt AG breach notice requirements, they undoubtedly will not be the last.

On a practical level, it is important for businesses to keep in mind the existence of state AG breach notice requirements. If a business experiences a security incident that requires notice to consumers in one or more states, the business also must consider whether those states have notice requirements to the AG or another state entity.

Other State Privacy Law Efforts

Some state internet privacy laws push the envelope. For example, Facebook and MySpace already bar sex offenders from using their services, but Louisiana feared that the online companies wouldn’t be able to weed out all sex offenders. A new Louisiana law requires sex offenders to state their criminal convictions on their social networking pages. It also requires the offenders to disclose their addresses and describe their physical characteristics. This requirement, scheduled to take effect in August of this year, is the first of its kind in the nation.

States have a legitimate interest in regulating privacy policies on the internet. It will be intersting to see how far the legislative interest extends. Will it extend to the local level? When cable televison was first introduced, city and local governments were agressive in exercising their regulatory powers. It will be interesting to see if, now, city and local governments will similarly advance some kind of dominion over the internet, and if they do, what form it will take. Regardless of whether they join the cause, privacy rights will continue to be an area rife with conflict and in need of uniformity.

Kevin Mills is an owner of the law firm of Kaye & Mills where his practice focuses on advising clients with transactions across a full range of issues in entertainment, media, technology, Internet and general business. His practice encompasses copyright; trademark; trade dress; trade secret; brand protection; content creation, protection and distribution; and general corporate, organizational and business matters.

Don’t be fooled by James Cameron’s propaganda – when a ship is sinking, a desperate passenger on board will grasp at anything and stop at nothing for survival. In the sea of copyright litigation, the Java computer language is this frazzled passenger, and Oracle is the sinking ship.

Oracle has acquired the patents for Java from Sun Microsystems and is now suing Google over them. Java is a powerful, object-based computer language, so versatile that it can easily be implemented in html code (or its cousin java-script) to create websites and cell phone applications. Google’s mobile operating system, Android, which is running most cell phones around the world, is allegedly founded on the Java API.

If Java is so popular then why is the Oracle ship sinking? Initially, Oracle claimed that Google was infringing on seven patents, but before opening arguments could even begin, five of those patents were thrown out. With regard to the two remaining, allegedly infringing patents, Oracle’s projected line of arguments relies primarily on copyright infringement of the two patent technologies.

Google’s argument is that the Java API is not copyrightable because it is a functional item. Copyright law only protects tangible mediums of expression, not ideas, mechanisms, or operations. For example, one notable case held that an accountant’s columnar notebook was not copyrightable despite its originality and its tangible fixation, because it was a functional item that facilitated tabulation. Similarly, most courts have held that computer code is not copyrightable because of its functionality. For this reason, the task of software protection has largely been relegated to the realm of patent law.

Oracle’s argument relies on outdated precedent and cases that were decided in an era before iPads and smartphones existed. Oracle’s first salient argument is that the Java API is a literary work, and therefore a copy of any portion of it is an infringement. Google did in fact literally cut, paste, and use portions of the Java API in its development of Android. However, after these actions led to lawsuits, Google wrote brand new code as a work-around and took out all copied code from Android, thereby preventing Oracle from raising any claims in equity. But clearly, the Java API is not merely text like the words in a novel – it is part of a system of functions that affects how a high-level computer language interacts with hardware on a touch screen interface. Like E=MC2, Java is a series of equations, capable of receiving a variable or command and producing data. And if Einstein couldn’t patent E=MC2, Oracle’s patent claims for the general Java API should also be impermissible. Further, Oracle should be denied copyright protection for the Java API, as Java is a highly functional API and therefore categorically excluded from copyright protection.

Oracle’s second argument is that Google knew that the Java API was copyrighted since there are various emails indicating that Google co-founder Sergey Brin knew or should have known that a license was required in order to use Java. However, copyright law does not have a state of mind requirement. The work is a copy or it is not; good faith or bad faith is not a central issue, and prior belief that a work requires a license has no bearing on liability.

If Oracle wins its copyright arguments, there will be a boom and revival in software copyright litigation. But it’s more likely that Oracle’s arguments will sink or they will settle.

Does your client have an idea for an app? A really cool one that is even better than the one your friend told you about just yesterday?

You are not alone. As everyone knows, apps are big. And now we have an idea of just how big. A little-reported study from TechNet, a technology trade group, finds that the demand for applications for games and other things has created 466,000 jobs in the U.S. since 2007. Currently, nearly one-half of mobile phones are smart phones. New uses for apps will tie the phone to home appliances, other home uses and to new uses in the workplace.

Today, there are more than 500,000 apps available for the iPhone and Apple’s iPad tablet alone. Add to that a proliferation of other mobile devices designed to run on operating systems made by Google, Research in Motion, and Microsoft. It is amazing to think that this economy didn’t exist until 2007 when the iPhone first made its debut and Facebook turned its website into a platform for other programs designed for its rapidly growing audience.

The natural focus of discussions about apps is on technology and functionality but there are significant legal issues that should not be ignored. Every mobile software application has three distinct parts, all of which have legal implications: (1) the software that runs the application; (2) the “toolkit” that allows the application to operate on the mobile platform (such as Google’s Android and Apple’s iOS); and (3) the application’s launch icon.

(1) Usually the developer owns the rights to the software that runs the app. Care needs to be taken in forming the entity that owns that software. Depending on factors such as the source of development financing, the people involved in the project, the source of intellectual property used in the creation of the app, the allocation of revenues generated, a different entity may need to be formed for each app developed. In any event, whether a company structure is used or not, there needs to be a written agreement between the parties developing the app as to how revenue and profit from each app will be split.

(2) In order to become a “registered developer” for a mobile device platform owner such as Apple or Google, a software toolkit that will enable the app to run on that platform will need to be licensed. That license agreement must be read carefully as sometimes ownership rights to the app software are granted in return for the toolkit license. In addition, other provisions in the license agreement need to be considered such as exclusivity, termination rights, reverse engineering of the app and prohibitions against developing apps whose “look and feel” are too similar to other apps already in use on the platform and the right to license the app to a competing platform.

(3) Regarding the icon used, trademarking or copyrighting will be required.

Beyond that, there needs to be a software developer agreement with each person working on the development of the apps. The terms of such agreements can vary widely and need to be negotiated carefully.

There are also customer and consumer issues that need to be considered. Examples include privacy issues and involve stated privacy policies and, very importantly, subsequent changes made to them. Certain issues are too significant to be left to the terms of the privacy policy alone. Instead, they should be brought directly to the user’s attention. Privacy issues also spring from the use of information collected from people using the app. In certain circumstances, privacy obligations attach even to information in analytics reports that are seen by no one other than the owner of the app.

Of course, it needs to be specifically mentioned that any app designed for use by children requires special attention and needs to satisfy additional criteria.

If you are forming a new start-up company to jump into the app fray, there are the usual corporate and company matters to be tackled, the elements of which are beyond the scope of this article.

Kevin Mills is an owner of the law firm of Kaye & Mills where his practice focuses on advising clients with transactions across a full range of issues in entertainment, media, technology, Internet and general business. His practice encompasses copyright; trademark; trade dress; trade secret; brand protection; content creation, protection and distribution; and general corporate, organizational and business matters.